Sophos Home Free gives consumers antivirus protection built for business, including remote management, but no testing labs vouch for its accuracy.

Sophos is a big name in business and enterprise antivirus and security suite products. That's the company's main focus, but you can get much of the same enterprise-level protection for your own devices, in the form of Sophos Home Free. It scores well in our hands-on malware protection test, though its phishing protection doesn't reach the current bar. Furthermore, Sophos doesn't submit its consumer products for testing by independent antivirus labs. Still, this product can be a good choice, especially if you manage antivirus protection for other people.

With Sophos, you install a small local agent on each PC or Mac that needs protection, and you manage all the settings from an online console. That makes perfect sense, given that in a business setting the IT department manages security remotely. Now you can install protection for whoever needs it and take care of it yourself. There is a limit of three installations per subscription, but of course you could set up another subscription on a different email address if necessary. With Sophos Home Premium you can manage up to 10 installations.

As noted, Sophos on the PC is a simple, local agent. Installation took a bit longer than I expected, at about five minutes. The main window has two big buttons, one to launch a scan and one to view recent activity. A smaller button lets you manage settings. Configuration and viewing history both happen online; clicking either launches the console in your browser. That might sound unwieldy, but I verified that changes reach the local agent quickly.

No Lab Results

Researchers at independent antivirus testing labs around put products through grueling tests and regularly report on their effectiveness. As fodder for my antivirus reviews, I closely track reports from four labs: AV-Test Institute, AV-Comparatives, SE Labs, and MRG-Effitas. These labs are major operations, and their reputations depend on accurate testing, so I take their results very seriously.

Alas, Sophos no longer participates in testing with these four labs, at least, not for its consumer products. A few years ago, when it still appeared in test results, it got good marks, but I don't have any recent results for reference.

Full participation in a lab's tests, including access to details on any missed samples, requires payment by the antivirus company, so you might think companies peddling free antivirus wouldn't be interested in spending the money. By observation, though, that's not the case. Avast and Avira Antivirus participate with all four of the labs that I follow, and both get excellent scores. My aggregate lab score algorithm gives Avast 9.3 of 10 possible points, and Avira gets 9.9.

Even the best commercial antivirus utilities can hardly do better. Kaspersky often leads the pack, with perfect scores from all four labs, but a few recent bobbles bring its aggregate score down to 9.6 points. Bitdefender tops the list with a perfect 10 points, but that's based on results from three labs; SE Labs didn't include Bitdefender in its latest round of testing.

This lack of independent lab scores carries over to the macOS edition as well. In the past, it earned certification from AV-Comparatives, but it doesn't appear in current test reports from that lab or from AV-Test.

Hands-On Malware Protection Testing

Many antivirus tools let you choose a quick scan of memory and likely malware hiding places, a full scan of the entire computer, or a custom scan where you choose exactly what you want scanned. Sophos keeps it simple; clicking the Scan Computer button runs a full scan. Be sure to do this right after installation, to root out any existing malware problems. In theory, real-time protection should handle any new attacks, but Sophos does let you schedule scans for any or all days of the week.

On my standard clean test system, the scan seemed reasonably fast at first, but it reached 99 percent completion and just stayed there for a half-hour or more. The scan took an hour and 22 minutes, about the same as Trend Micro Antivirus+ Security. That's nearly twice the current average.

With some antivirus tools, that initial scan serves to optimize subsequent scans, for example by marking files that don't need to be scanned again. This optimization can make repeat scans much, much faster. For example, Norton took nearly two hours to run its first scan, but finished a repeat scan in 11 minutes. Kaspersky Free finished its initial scan in a speedy 36 minutes, but cranked that down to nine minutes in a second scan. By observation, Sophos doesn't attempt scan optimization.

When there are no lab results for reference, my hands-on malware protection loom large in importance. To start, I simply open a folder containing malware samples I curated and analyzed myself. Sophos slowly began popping up detection notices about these, each with a button to close the notification or manage detection. Typically, detected samples vanish from sight as the antivirus quarantines them; I didn't see that happening with Sophos. About 10 minutes later, it went through another round of notifications, each of these telling me it removed an item that it had detected earlier. As you'll see, this slow but steady approach proved effective.

Clicking the Manage button took me to the activity list online. I found the list awkward and unwieldy, a long scrolling web page showing no more than three items at a time. Of course, the average user probably sees no more than one item at a time, so this may not matter. Clicking a Show Advanced Options link in any entry expanded it to let you restore and whitelist an item quarantined by mistake.

That restore option proved important, because Sophos quarantined three perfectly valid (if dated) utilities originally published by PCMag. In previous reviews, I found that Sophos handled potentially unwanted applications (PUAs) by waiting for user advice on what to do. This time it quarantined all those it found, including the three false positives.

I also found it tough to finish this phase of testing, due to the massive stack of notifications. As with many products, the notifications all stack up in the same location. But where some other antivirus utilities include an option to dismiss the whole stack, Sophos made me click away every single one of them.

Sophos eliminated 90 percent of the samples at this stage, which is way more than most. The only recent product to wipe out more samples on sight was G Data Antivirus, with 93 percent.

To complete the test, I launched the mere handful of samples that survived the initial massacre. Sophos detected almost all of them, but did allow some to place executable files on the test system. Overall, it detected 97 percent of the samples and earned 9.3 of 10 possible points, better than almost all competitors, including four others whose score also rounded to 9.3 points. G Data scored higher, 9.5 points, though. And Webroot SecureAnywhere AntiVirus managed a perfect 10.

Gathering and analyzing a new collection of malware samples takes a long time, time that I can't spend on reviews, so I only do it about once a year. To check each product's ability to protect against the very newest malware, I start with a feed of malware-hosting URLs supplied by MRG-Effitas. Launching each in turn, I record whether the antivirus put up a barrier to even connecting with the dangerous site, eliminated the malware payload on download, or sat idly doing nothing. Once I have 100 data points, I tally the results.

Sophos managed a 97 percent protection rate, doing most of its work by cutting off access to the dangerous URLs. For blacklisted URLs it reported High Risk Website Blocked; for new discoveries the message was Malicious Content Blocked. These showed up in roughly equal numbers. Because the website protection component works below the browser level, it can't replace HTTPS pages with a warning. It reported malicious HTTS pages using a pop-up, while the browser just displayed an error message.

As for malware caught at the download stage, the real-time protection eliminated about half of them. For the other half, the Download Protection component kicked in. This component relies on a reputation score based on the item's content, the hosting website, and feedback from other computers. If the reputation is low, Sophos advises skipping the download.

A protection rate of 97 percent is good, but it's not at the tippy-top. Bitdefender Antivirus Plus, Norton, and Trend Micro all managed 99 percent in this teat.

Good Phishing Protection

Sophos watches network traffic to cut off access to malware-hosting websites, but those aren't the only sites you need to avoid. Phishing sites don't contain malware, but they can be quite damaging nonetheless. A phishing site masquerades as a secure site, anything from banking to email to gaming. If your eyes are sharp enough, you'll spot the scam and move on. But if you enter your password on the fake page, you've given away your account to the fraudsters. Fortunately, Sophos helps steer you away from phishing sites.

For testing, I scrape the newest reported fraudulent sites from websites that track such things. I launch each one in a browser protected by the product under testing, and simultaneously in instances of Chrome, Firefox, and Internet Explorer using each browser's built-in phishing protection. If the page fails to load in any of the four browsers, I discard it. If it's not a clear attempt to steal your login credentials, I discard it.

About half of the verifiable frauds in my sample set used HTTPS. For these, as with malicious HTTPS URLs, Sophos displayed a popup warning, while the browser showed an error. It identified the other half with the High Risk Website warning, not distinguishing them as phishing sites at all.

Sophos did better this time around than in my previous review, going from 86 percent detection to 91 percent. However, other products have raised the bar for this test in the meanwhile. Kaspersky and McAfee managed 100 percent detection in their latest phishing tests. Six other products, among them Avast and AVG AntiVirus Free, scored 97 percent or better.

It's worth noting that plenty of products wind up on the low end as well. More than a quarter of recent products scored lower than all three browsers, and more than half got beat by at least one browser. Sophos tied with Chrome, beat Firefox, and trounced Internet Explorer. It's definitely better than the built-in protection.

Ineffective Parental Content Filter

Like Sophos Home Free (for Mac), this antivirus comes with a very simple parental control content filter. To configure it, you log in to the online console and choose the Web Filtering tab. Filtering is on a per-device basis; there's no option to filter for one user account and not for others.

The filtering page lists 28 content categories, organized into three groups: Adult & Potentially Inappropriate, Social Networking & Computing, and General Interest. For each category or group, you can configure Sophos to block access or to display a warning page that allows access, but notes that Sophos will log the activity.

In testing, the content filter blocked most of the naughty sites I tried, and didn't cave to a three-word network command that defangs some outmoded parental control systems. New since my last review, it handles HTTPS sites. As with malicious and fraudulent sites using HTTPS, Sophos pops up a notification of its action while leaving the browser to display an error message. If you just set Sophos to warn, rather than block, it ignores HTTPS sites, meaning that a clever teen could subvert the filter by going through a secure anonymizing proxy.

That partial control over HTTPS sites isn't the worst problem. Unlike almost every other content filter, Sophos is not browser-independent. It supports Chrome, Edge, Firefox, Internet Explorer, Opera, and Safari, but that's all. I installed Vivaldi and verified that Sophos had no power over it.

You might get some use out of this content filter if you aim to protect a young child from encountering the seamy side of the internet. A child who objects to the filtering, though, will have no trouble getting around it. Yes, this is a bonus feature, not a central antivirus component, but I'd still like to see it improved. Or removed.

Worth a Look

Sophos Home Free does very well in our hands-on tests, but the absence of any scores from the independent test labs is a problem, especially when other free antivirus tools get excellent marks from all four labs. While Sophos pulled up its antiphishing score since our last review, competitors have significantly raised the bar, doing much better than Sophos. And the afterthought web content filter is full of holes.

Kaspersky Free and Avast Free Antivirus appear in test results from all four of the independent labs that we follow, with scores ranging from very good to excellent. These two are our Editors' Choice free antivirus utilities.

About the Author

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted b... See Full Bio

Sophos Home Free

Sophos Home Free

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.